Generic Sensitivity Classes
Trust Framework members can allocate a dataset into ‘classes’ depending on its sensitivity profile. Access and security requirements differ across classes.
This specification defines generic sensitivity classes, identified by URLs in the IB1 Root Registry with the https://registry.trust.ib1.org/sensitivity-class/ prefix.
Note: This document uses US English. To align with W3C and other prevalent standards, IB1 uses US English in its technical specifications and technical documentation.
Sensitivity Classes
Closed data (IB1-C)
https://registry.trust.ib1.org/sensitivity-class/IB1-C
Datasets which must not be shared within the Trust Framework. This class is provided for completeness, and records which are classified with this class will not be included in any Trust Framework catalog.
Open Data (IB1-O)
https://registry.trust.ib1.org/sensitivity-class/IB1-O
Full open access, under an open data license. Free to use, by anyone, for any purpose.
Shared A (IB1-SA)
https://registry.trust.ib1.org/sensitivity-class/IB1-SA
Datasets which can/could be shared, but which require the user to agree to standard T&Cs to access. May include some openly licensed materials (e.g. CC BY-SA or GNU AGPLv3).
Shared B (IB1-SB)
https://registry.trust.ib1.org/sensitivity-class/IB1-SA
Datasets which can/could be shared, but currently require some bilateral contract negotiation. May include data currently shared on the basis of group-based access. May include aggregated, anonymised or pseudonymised data about individuals.
Personal (IB1-SP)
https://registry.trust.ib1.org/sensitivity-class/IB1-SP
Datasets which include personal data, requiring appropriate consent to share, or other legal bases to data processing, as defined by the UK DPA 2018.
Sensitivity Class Requirements
The requirements for data shared within the Trust Framework depend on the sensitivity class. These requirements are available in machine readable form in the RDF documents at the URLs above in the Registry.
In the table below, a Yes in the Auth? column means that the sensitivity class requires the client to authenticate with the server and follow access rules described in the Registry.
A Yes in the FAPI? column means that the sensitivity class requires the use of a FAPI compliant API.
A Yes in the Permission? column means the sensitivity class requires that Permission (consent) is explicitly granted for access to data relating to an end user.
| Class | Code | Auth? | FAPI? | Permission? |
|---|---|---|---|---|
| Closed Data | IB1-C |
n/a | n/a | n/a |
| Open Data | IB1-O |
No | No | No |
| Shared (A) | IB1-SA |
Yes | Yes | No |
| Shared (B) | IB1-SB |
Yes | Yes | No |
| Personal | IB1-SP |
Yes | Yes | Yes |